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IN THE CLAIMS 

This listing of the claim will replace all prior versions and listings of claim in 
the present application. 
Listing of Claims 

Claims 1-7 (canceled). 

8. (currently amended)A security management method for supporting a 
security management of each of a plurality of managed systems constituting an 
information system with an electronic computer, comprising: 

a security specification hatching step of extracting an information security 
policy mad e to corr e spond which corresponds to each managed system constituting 
an information system designated by a user from a database describing a 
correspondence o^an between information security paUsy- policies representing a 
petiev- policies of a-security m e asur e measures with at least one managed system 
and said managed systems , to hatch security specifications to be applied to the 
information system; 

a security diagnosis step of executing a plurality of audit programs describing 
a processing for auditing various information including a type of the managed system 
and a software version, which are stored so as to correspond to each set of the 
information security policy and the managed system , th e i nformat i on s e cur i ty po li cy 
a nd th e man a g e d syst e m b ei ng which are specified by security specifications 
hatched in said security specification hatching step, as well as by a security status 
conc e rn i ng th e i nformat i on secur i ty po li cy of th o manag e d syst e m, to audit the 
various information including the type and the software version of the managed 
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system constituting the information system designated by the user, and to diagnose 
a security of said information system; and 

a security handling and management step of executing a management 
program designated by the user, among from a plurality of management programs 
describing a proc e ss i ng process for controlling the security status concerning the 
information security policy of the managed system,, stored so as to correspond to 
each set of the information security policy and the managed system T which are 
specified by the security specifications hatched in said security specification hatching 
st e ps step , to allow said electronic computer to change the security status of the 
managed system corresponding to the management program so as to adjust the 
security status to the information security policy corresponding to the management 
program. 

9. (currently amended)The security management method according to 
claim 8, wherein T in said security diagnosis step, the audit program made to 
correspond to each set of the information security policy and the managed system, 
which are specified by the security specifications hatched in said security 
specification hatching step, is extracted from a database describing a 
correspondence of the information security policy, the managed system and the 
audit program describing a processing for auditing various information such as athe 
type and a the software version of said managed system as well as the security 
status concerning said information security policy of said managed system, and 
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executed, to diagnose the security of the information system designated by said 
user; and 

in said security handling and management step, the management programs^ 
made to correspond to each set of the information security policy and the managed 
system, which are specified by the security specifications hatched in said security 
specification hatching step, are extracted from a database describing a 
correspondence of the information security policy, the managed system and the 
management program describing a processing for controlling the security status 
concerning the security policy, the managed system and said information security 
policy of a security of said managed system, and the management program 
designated by the user is extracted among the extracted programs to be executed, 
to allow the security status of the managed system corresponding to the extracted 
management program to adjust to the information security policy corresponding to 
the management program. 

10. (currently amended)The security management method according to 
claim 8, wherein said security diagnose step is executed periodically. 

1 1 . (currently amended)The security management method according to 
claim 8, wherein T in accordance with a security setting content received from the 
user, said management program changes the security status of the managed system 
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corresponding to the management program so as to adjust the security status to the 
information security policy corresponding to the management program. 

12. (currently amended)The security management method according to 
claim 8, wherein a security hole information published by a security information 
organization including CERT or Computer Emergency Response Team and 
diagnosis results obtained in said security diagnose step which is executed for the 
information system designated by the user are reflected in the database describing 
the correspondence of the information security policy with at least one managed 
system and an said audit/management program stored so as to correspond to each 
set of the information security policy and the managed system. 

13. (currently amended) A security management system for supporting a 
security management of managed systems constituting an information system, 
comprising: 

a database describing a correspondence o^af^- between information security 
soUey- policies representing a policy of a security measure with at least one managed 
system and said managed systems ; 

a security specification hatching section for extracting an information security 
policy mad e to corr e spond which corresponds to each of the managed systems 
constituting the information system designated by a user from said database, to 
hatch security specifications to be applied to the information system; 
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a plurality of audit sections for auditing various information including a type 
and a software version of the managed system as well as a security status 
concerning the information security policy of the managed system, each audit 
section being provided so as to correspond to each set of the information security 
policy and the managed system, which are specified by security specifications 
hatched by said security specification hatching sectionr-aad; 

a security diagnosis section for diagnosing a security of aft- the information 
system designated by said user T based on the bas i s of diagnosis results in each of 
said audit sections; 

a plurality of management sections for controlling a security status concerning 
the information security policy of the managed system, each management section 
being provided so as to correspond to each set of the information security policy and 
the managed system, which are specified by security specifications hatched by said 
security specification hatching step Ti a&4^ 

a security handling and management section for executing a management 
section designated by said user T to change the security status of the managed 
system corresponding to the management progr a m section so as to adjust the 
security status to the information security policy corresponding to the management 
program section . 
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